package com.example.demo.config;

import org.springframework.context.annotation.Configuration;
import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.builders.WebSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
@Configuration
@EnableWebSecurity
public class WebSecurityConfig extends WebSecurityConfigurerAdapter {
	@Override
	protected void configure(HttpSecurity http) throws Exception {
		http.authorizeRequests().antMatchers("/", "/login").permitAll()// 白名单，设置不拦截路径
				.anyRequest().authenticated().and().formLogin().loginPage("/login")// 登入页面访问的路径
				.defaultSuccessUrl("/chat")// 登入成功后跳转的页面
				.permitAll().and().logout().permitAll();
	}

	// 在内存中分别配置两个用户xupx和xumh，密码和用户名一致，角色是USER
	@Override
	protected void configure(AuthenticationManagerBuilder auth) throws Exception {
		auth.inMemoryAuthentication().withUser("xupx").password("xupx").roles("USER").and().withUser("xumh")
				.password("xumh").roles("USER");
	}
	//resources/static下的静态资源，不拦截
	@Override
	public void configure(WebSecurity web) throws Exception {
		web.ignoring().antMatchers("/resources/static/**");
	}
}
